x509: Correctly parse nonce in OCSP response

author Tobias Brunner <tobias@strongswan.org>

Fri, 22 Nov 2019 15:36:20 +0000 (16:36 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Fri, 6 Dec 2019 08:52:30 +0000 (09:52 +0100)
author Tobias Brunner <tobias@strongswan.org>
Fri, 22 Nov 2019 15:36:20 +0000 (16:36 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 6 Dec 2019 08:52:30 +0000 (09:52 +0100)
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c

index 75eb9d7..f3ade37 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -577,7 +577,9 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
                                 DBG2(DBG_ASN, "  %s", critical ? "TRUE" : "FALSE");
                                 break;
                         case BASIC_RESPONSE_EXT_VALUE:
-                               if (extn_oid == OID_NONCE)
+                               if (extn_oid == OID_NONCE &&
+                                       asn1_parse_simple_object(&object, ASN1_OCTET_STRING,
+                                                                               parser->get_level(parser)+1, "nonce"))
                                 {
                                         this->nonce = object;
                                 }
author	Tobias Brunner <tobias@strongswan.org>
	Fri, 22 Nov 2019 15:36:20 +0000 (16:36 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Fri, 6 Dec 2019 08:52:30 +0000 (09:52 +0100)